Wegmans Database Breach Exposed User Information

Wegmans Food Markets was hit with a database breach that exposed customers’ information (name, address, email, birth date) but no social security numbers or financial information.

The Rochester, New York supermarket said in a press release that “a previously undiscovered configuration issue” led to two of its internal cloud databases being inadvertently left open to potential outside access. The company said it notified its customers that no financial information or social security numbers were involved since the company doesn’t collect or store that data.

Wegmans.com usernames and passwords were also compromised, but the passwords were “hashed” and “salted,” meaning that the actual password characters were not contained in the databases, according to the press release.

The configuration issue began in 2018, although Wegmans said that it didn’t find out about the breach until roughly April 19 of this year. 

“Wegmans worked diligently with a leading forensics firm to investigate and determine the incident’s scope, identify the information in the two databases, ensure the integrity and security of the systems, and correct the issue,” Wegmans said per the release. 

The Wegmans supermarket chain has 106 stores in New York, Pennsylvania, New Jersey, Virginia, Maryland, Massachusetts and North Carolina.

Wegmans is just one of many retailers facing data breaches across the U.S.

Carnival Cruise Line said it was subjected to a data breach in March of this year and that some customer data and crew member information was possibly exposed, CyberWire reported.

Earlier this month, McDonald’s databases were hacked in the U.S. as well as South Korea and Taiwan. The breach didn’t include access to customers’ financial data — it exposed employee and franchisee information. The fast-food chain indicated that nothing sensitive was exposed.